Privacy Policy

Last Updated: February 22, 2025

Effective Date: February 22, 2025

Table of Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. Information Sharing
  5. Data Storage and Security
  6. Your Rights
  7. Cookies and Local Storage
  8. Children's Privacy
  9. Third-Party Links
  10. Data Retention
  11. Changes to This Policy
  12. Contact Information

1. Introduction

Letter Sender ("we," "us," or "our") operates the website and mobile application at lettersender.app (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By accessing or using Letter Sender, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Service.

2. Information We Collect

2.1 Account Information

When you create an account with Letter Sender, we collect the following information:

  • Email address — used for account identification, login, and communication
  • Name — used to personalize your experience and as a return address for mail
  • Profile photo — provided via Google Sign-In or uploaded during email registration

You may sign up using Google Sign-In (OAuth 2.0) or standard email registration. When you use Google Sign-In, we receive your name, email address, and profile photo from your Google account. We only request the minimum permissions necessary to authenticate your identity.

2.2 Mailing Information

To fulfill your mail orders, we collect:

  • Recipient names and mailing addresses — required to deliver your letters and postcards
  • Letter and postcard content — the text, messages, and formatting you create
  • Uploaded photos — images you upload for inclusion on postcards or in letters
  • Return address information — your address used as the sender on outgoing mail

2.3 Payment Information

Payment processing is handled entirely by Stripe, a PCI-compliant payment processor. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. We may receive and store limited information from Stripe, such as the last four digits of your card, card brand, and billing address, for order confirmation and customer support purposes.

2.4 Usage Data

We automatically collect certain information when you access and use our Service, including:

  • Pages visited and features used — to understand how you interact with Letter Sender
  • Device information — device type, operating system, and browser type
  • IP address — used for security, fraud prevention, and general analytics
  • Timestamps — the date and time of your interactions with the Service

2.5 Address Book

Letter Sender allows you to save frequently used addresses in an address book. Saved addresses are stored locally on your device using AsyncStorage and may optionally be synced to your account on our servers for access across devices. You have full control over whether to sync your address book data.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and maintain the Service — including account creation, login, and core functionality
  • To process and deliver your mail orders through USPS — printing, addressing, and mailing your letters and postcards
  • To verify mailing addresses — through our address validation service to ensure accurate delivery
  • To process payments — securely handling transactions through Stripe for your mail orders
  • To communicate about your orders and account — sending order confirmations, delivery updates, and important account notifications
  • To improve our Service — analyzing usage patterns to enhance features, fix issues, and optimize performance
  • To comply with legal obligations — fulfilling our legal and regulatory requirements

4. Information Sharing

We share your information only with the following third-party service providers, and only to the extent necessary to operate the Service:

4.1 USPS (United States Postal Service)

Recipient addresses and mail content are provided to USPS for the physical delivery of your letters and postcards.

4.2 Lob (Mailing API)

We use Lob as our mailing API provider. Recipient and sender addresses, letter/postcard content, and uploaded photos are transmitted to Lob for printing, processing, and mailing through USPS. Lob acts as a data processor on our behalf. You can review Lob's privacy policy at lob.com/privacy.

4.3 Stripe (Payment Processing)

Payment information is processed by Stripe. When you make a purchase, your payment details are transmitted directly to Stripe's secure servers. You can review Stripe's privacy policy at stripe.com/privacy.

4.4 Firebase / Google (Authentication Services)

We use Firebase Authentication (a Google service) for secure user sign-in and account management. When you sign in with Google, authentication data is processed by Google. You can review Google's privacy policy at policies.google.com/privacy.

4.5 No Sale of Personal Information

We do NOT sell, rent, or trade your personal information to third parties for marketing or advertising purposes. We do not share your data with data brokers. Your information is used solely for the purposes described in this Privacy Policy.

5. Data Storage and Security

We take the security of your personal information seriously and implement industry-standard measures to protect it:

  • Encryption at rest — account data is stored securely using industry-standard encryption on our servers
  • Local storage — address book data is stored locally on your device using AsyncStorage, giving you direct control over this data
  • Encryption in transit — all data transmission between your device and our servers uses HTTPS/TLS encryption
  • Secure authentication — Firebase Authentication provides secure sign-in with support for multi-factor authentication
  • Regular security reviews — we conduct periodic reviews of our security practices and infrastructure
  • Access controls — strict access controls limit who within our organization can access user data

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights

You have the following rights regarding your personal information:

  • Access — you can request a copy of the personal data we hold about you
  • Correction — you can request that we correct any inaccurate or incomplete personal data
  • Deletion — you can request that we delete your account and all associated personal data
  • Data export — you can request an export of your data in a portable format
  • Opt out — you can opt out of marketing communications at any time by using the unsubscribe link in our emails or contacting us directly

To exercise any of these rights, please contact us at support@lettersender.app.

6.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information is collected, used, shared, or sold
  • The right to delete personal information held by businesses and by extension their service providers
  • The right to opt out of the sale of personal information (we do not sell your data)
  • The right to non-discrimination for exercising your CCPA rights

To submit a CCPA request, please contact us at support@lettersender.app. We will verify your identity before fulfilling your request.

6.2 European Union Residents (GDPR)

If you are a resident of the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

  • The right to access your personal data
  • The right to rectification of inaccurate data
  • The right to erasure ("right to be forgotten")
  • The right to restrict processing of your data
  • The right to data portability
  • The right to object to processing
  • The right to withdraw consent at any time

Our legal basis for processing your data includes: performance of a contract (providing the Service), legitimate interests (improving our Service), and consent (where applicable). To exercise your GDPR rights, please contact us at support@lettersender.app.

7. Cookies and Local Storage

Letter Sender uses the following technologies to enhance your experience:

  • Authentication tokens — we use secure tokens for session management to keep you signed in across visits
  • Local storage — we use local storage (including AsyncStorage on mobile) for app preferences, cached data, and your saved address book
  • Essential cookies — we may use cookies strictly necessary for the functioning of the Service, such as session management and security

We do not use third-party advertising cookies or tracking cookies. We do not participate in ad networks or share your browsing data with advertisers.

8. Children's Privacy

Letter Sender is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete that information from our servers.

If you are a parent or guardian and you believe your child has provided us with personal information, please contact us at support@lettersender.app so we can take appropriate action.

10. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specifically:

  • Account data — retained while your account is active
  • Order history — retained for as long as your account is active and as required for legal and accounting purposes
  • Mail content — retained for order fulfillment and for a reasonable period afterward for customer support
  • Payment records — retained as required by applicable tax and financial regulations

You may request deletion of your account and associated data at any time by contacting us at support@lettersender.app. Upon receiving a deletion request, we will delete your personal data within 30 days, except where retention is required by law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:

  • Posting the updated Privacy Policy on this page with a new "Last Updated" date
  • Sending an email notification to the address associated with your account (for material changes)
  • Displaying a prominent notice within the Service

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after any modifications to this Privacy Policy constitutes your acceptance of those changes.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@lettersender.app

Website: lettersender.app

We will respond to all legitimate requests within 30 days. If you feel that your concerns have not been adequately addressed, you may have the right to lodge a complaint with your local data protection authority.